Joshua Rubin has been with zvelo since 2007. A highly skilled developer and leader with deep experience and technical knowledge, Joshua specializes in a broad range of areas including scalable, high performance API architecture, web applications, mobile apps and back-end libraries. Performance, simplicity, security and design take a backseat to nothing in Joshua’s work.

Google Wallet Security: Rooted Device Vulnerabilities…

Much has been said in the last few days about the security of the Android platform in general and Google Wallet specifically. One frequent question that has been asked of the Google Wallet PIN vulnerability we found is “should the average consumer be concerned about mobile device exploits that require root privileges?” The unfortunate answer is “yes.” The reason is that while it is true that this PIN vulnerability requires root privileges to succeed, it does not require that the device be rooted previously.

Black Hat – Las Vegas 2011: Report #3

After Cofer’s talk, I settled into the “Next-Gen Web” track, which was smaller than the “threat intel” and “bit flow” tracks that drew big crowds. The first topic was on a new web protocol being developed by Google called SPDY (pronounced “speedy”). While interesting, the talk had little to do with security. The speaker was a young German who is heavily involved in the security sector, but his talk simply explained the protocol. I honestly could have gathered most of what he spoke about by reading the documentation and playing with some examples. I was not terribly impressed.